<?xml version="1.0" encoding="utf-8"?>
<!--
                                                                                     
 h       t     t                ::       /     /                     t             / 
 h       t     t                ::      //    //                     t            // 
 h     ttttt ttttt ppppp sssss         //    //  y   y       sssss ttttt         //  
 hhhh    t     t   p   p s            //    //   y   y       s       t          //   
 h  hh   t     t   ppppp sssss       //    //    yyyyy       sssss   t         //    
 h   h   t     t   p         s  ::   /     /         y  ..       s   t    ..   /     
 h   h   t     t   p     sssss  ::   /     /     yyyyy  ..   sssss   t    ..   /     
                                                                                     
	<https://y.st./>
	Copyright © 2015 Alex Yst <mailto:copyright@y.st>

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program. If not, see <https://www.gnu.org./licenses/>.
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<base href="https://y.st./en/weblog/2015/03-March/07.xhtml" />
		<title>And so it begins ... &lt;https://y.st./en/weblog/2015/03-March/07.xhtml&gt;</title>
		<link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png" />
		<link rel="stylesheet" type="text/css" href="/link/basic.css" />
		<link rel="stylesheet" type="text/css" href="/link/site-specific.css" />
		<script type="text/javascript" src="/script/javascript.js" />
		<meta name="viewport" content="width=device-width" />
	</head>
	<body>
		<nav>
			<p>
				<a href="/en/">Home</a> |
				<a href="/en/a/about.xhtml">About</a> |
				<a href="/en/a/contact.xhtml">Contact</a> |
				<a href="/a/canary.txt">Canary</a> |
				<a href="/en/URI_research/"><abbr title="Uniform Resource Identifier">URI</abbr> research</a> |
				<a href="/en/opinion/">Opinions</a> |
				<a href="/en/coursework/">Coursework</a> |
				<a href="/en/law/">Law</a> |
				<a href="/en/a/links.xhtml">Links</a> |
				<a href="/en/weblog/2015/03-March/07.xhtml.asc">{this page}.asc</a>
			</p>
			<hr/>
			<p>
				Weblog index:
				<a href="/en/weblog/"><abbr title="American Standard Code for Information Interchange">ASCII</abbr> calendars</a> |
				<a href="/en/weblog/index_ol_ascending.xhtml">Ascending list</a> |
				<a href="/en/weblog/index_ol_descending.xhtml">Descending list</a>
			</p>
			<hr/>
			<p>
				Jump to entry:
				<a rel="next" href="/en/weblog/2015/03-March/08.xhtml">Next&gt;</a>
				<a href="/en/weblog/latest.xhtml">Latest&gt;&gt;</a>
			</p>
			<hr/>
		</nav>
		<header>
			<h1>And so it begins ...</h1>
			<p>Day 00000: Saturday, 2015 March 07</p>
		</header>
<p>
	My story unfortunately begins in data loss.
	While on the verge of finally acquiring a short domain name, my server&apos;s hard drive was hit with a poorly-timed power surge and died.
	This was one of the few times where my laptop&apos;s hard drive was empty.
	I had just transfered everything from my laptop to my server to install a new <abbr title="operating system">OS</abbr> (Debian 8) on my laptop.
	I lost everything I had in the digital world, including my website, my research, my source code, my artwork, my private keys, and my KeePassX database.
	By losing that KeePassX database, I lost access to all my accounts across the entire Internet.
	I will need to begin anew.
	Learn from this.
	One copy of your data is never enough.
	You need at least two copies minimum at any given time of anything worth keeping.
</p>
<p>
	Most accounts offer you a way to recover the password, but this password recovery option, if it exists, usually involves either a password reminder email (which is proof that your password is insecurely stored in their database), a password reset email, or &quot;security&quot; questions.
	In the case of the former two, you need access to your email account on file, which means I would have needed to have already recovered my email password.
	In the case of the latter, I would need to have known the answers to the &quot;security&quot; questions.
	The problem with &quot;security&quot; questions is that they are not secure at all.
	Anyone who knows you well enough can answer them and hijack your account.
	It is therefore recommended that you use these fields as extra passwords, and not actually answer them honestly.
	That means that these extra passwords would have been in my KeePassX database, and I could not answer them.
	I still highly recommend not answering these questions truthfully, using long, random-character passwords, and using KeePassX to store them, all in the name of security, but <strong>*please*</strong> keep backup copies of your most important files, such as your KeePassX database itself.
</p>
<p>
	I began my day today waking up to a letter from the <a href="http://www.nic.st/"><code>//st.</code> registry</a> saying that my request to register the short name <code>//y.st.</code> had been approved.
	A link was provided in the letter to make the purchase, as well as instructions that if Payex gave me trouble as it had some other users, to try PayPal.
	This did not bode well for me.
	PayPal has been a huge thorn in my side in the past, refusing to take my credit and debit cards without an account, refusing to let me pay from an account at all, refusing to delete my account for several months, demanding copies of my photo <abbr title="identification">ID</abbr>, my Social Security card, and my credit card statements, demanding that I give PayPal complete and total access to my bank account, et cetera.
	Even after meeting all of PayPal&apos;s demands (with the exception of giving them any access at all to my bank account) and getting support to unlock the account for use and/or deletion, every time I would log in to delete the account, PayPal would re-lock the account on me so I would have to deal with the same demands and PayPal support again.
	PayPal is not a viable option.
	If Payex is giving people grief, there is no particular reason why I would not be one of those people, and I know for a fact that PayPal won&apos;t work for me.
</p>
<p>
	Surprisingly though, the Payex payment went through with no hassle.
	I now own <code>//y.st.</code>.
	And thus begins day zero.
</p>
<p>
	The <code>//st.</code> registry does not seem to hash its user&apos;s passwords, which worries me a bit.
	They are able to send password reminders, which means the passwords are stored in a retrievable form.
	However, the <code>//st.</code> registry also does not have the idiotic telephone number requirement.
	My domain name was the one thing that bound me to to the deprecated telephone number system.
	After years, I am finally free!
</p>
<p>
	Seriously though, I wish people would switch to a better system already.
	For example, <abbr title="Session Initiation Protocol">SIP</abbr> addresses are more memorable, more human-readable, more decentralized, and if you use your own domain, more portable.
	They are much better than the strings of digits we call &quot;telephone numbers&quot;.
	It&apos;s worth noting that people have added some portability to telephone numbers, but it&apos;s hacky and less functional than <abbr title="Session Initiation Protocol">SIP</abbr> address portability.
	By default, a telephone number acts similarly to an <abbr title="Internet Protocol">IP</abbr> address, pointing out exactly where a call needs to go.
	However, a ported telephone number instead acts more like a domain name, not pointing itself to the location the call must reach, but instead representing a record that must be looked up to find the address the call must reach.
	This would be like having <abbr title="Internet Protocol">IP</abbr> addresses and domain names be indistinguishable, existing within a single name space! If my understanding is correct, every time you place a call or send a text message using a telephone number, the telephone company must first consult their lookup table to see if your number is ported, and if it is, use the information in the database.
	Then, if it isn&apos;t ported, they just use the telephone number as the basic address it was meant to be.
	As for being less portable than <abbr title="Session Initiation Protocol">SIP</abbr>, if you own the domain name your <abbr title="Session Initiation Protocol">SIP</abbr> account is attached to, you could deactivate your account whenever you like, reactivating it later.
	With ported telephone numbers, you must always be paying a telephone service provider to keep your number from falling into someone else&apos;s hands, even if you don&apos;t plan to use it for an extended period of time (maybe you are on vacation or something).
	The system is broken and needs to be replaced, possibly by <abbr title="Session Initiation Protocol">SIP</abbr>.
</p>
<p>
	The only record types offered by the <code>//st.</code> registry&apos;s default <abbr title="Domain Name System">DNS</abbr> though are <code>A</code>, <code>CNAME</code>, <code>MX</code>, and <code>TXT</code>.
	While it&apos;s awesome that the <code>//st.</code> registry offers <abbr title="Domain Name System">DNS</abbr> as all, I may need to find an alternative <abbr title="Domain Name System">DNS</abbr> provider in the future to enable use of <code>SERV</code> records.
</p>
<p>
	I managed to generate my first self-signed wildcard <abbr title="Secure Sockets Layer">SSL</abbr> certificates today, for use with this domain and my onion domain.
	The user ghetto on <a href="ircs://irc.oftc.net:6697/%23nottor">#nottor</a> was very helpful in helping me figure out how to get OpenSSL to generate the certificate, as was <a href="https://www.openssl.org/docs/HOWTO/certificates.txt">this page by Richard Levitte</a> and a <a href="https://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl">post on Stack Overflow</a> by <a href="https://stackoverflow.com/users/608639/jww">jww</a>.
	It seems OpenSSL is a bit broken, and using the <code>subjectAltName</code> field requires editing the configuration files owned by root every time you want to use different values, which should be each time you generate a certificate.
</p>
<p>
	Apache is configured, OpenSSL is configured ...
	The next step will be to get an email server configured.
	Once I am reachable by email, I should be able to begin rebuilding my Internet presence.
	I&apos;ve begun configuring Dovecot, but have not gotten the mail server fully set up yet.
</p>
		<hr/>
		<p>
			Copyright © 2015 Alex Yst;
			You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU&apos;s Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
			If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
			My address is in the source comments near the top of this document.
			This license also applies to embedded content such as images.
			For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
		</p>
		<p>
			<abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
			This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2015%2F03-March%2F07.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.1</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2015%2F03-March%2F07.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
		</p>
	</body>
</html>

